aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
Commit message (Collapse)AuthorAgeFilesLines
* odhcpd: update to latest git HEADHans Dedecker2021-06-131-3/+3
| | | | | | 564d25e config: fix ra_flags none setting Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* package: fix cmake packages build with ninjaRosen Penev2021-06-121-1/+1
| | | | | | | | += is needed for CMAKE_OPTIONS. mt76 needs Ninja disabled as the kernel stuff uses normal make. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* hostapd: configure inter-AP communication interface for 802.11rFelix Fietkau2021-06-052-0/+39
| | | | | | | In setups using VLAN bridge filtering, hostapd may need to communicate using a VLAN interface on top of the bridge, instead of using the bridge directly Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix bringing up vlan interfaces with the no-bridge optionFelix Fietkau2021-06-041-7/+15
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* odhcpd: update to git HEADHans Dedecker2021-06-031-3/+3
| | | | | | | | a12fcb3 config: log config parse failures to syslog ebd4297 cmake: enforce additonal compiler checks 405da32 odhcpd: fix extra compiler warning Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: fix radius problem due to invalid attributesJohn Crispin2021-06-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | The offending commit caused the configuration file to contain: radius_auth_req_attr= radius_acct_req_attr= which cause hostapd to add an ATTR of type 0 into the messages. hostapd: RADIUS message: code=4 (Accounting-Request) identifier=0 length=93 hostapd: Attribute 40 (Acct-Status-Type) length=6 hostapd: Value: 7 hostapd: Attribute 30 (Called-Station-Id) length=28 hostapd: Value: 'C4-41-1E-F5-2D-55:OpenWifi' hostapd: Attribute 61 (NAS-Port-Type) length=6 hostapd: Value: 19 hostapd: Attribute 0 (?Unknown?) length=3 <---------------- hostapd: Attribute 55 (Event-Timestamp) length=6 hostapd: Value: 1622726457 hostapd: Attribute 41 (Acct-Delay-Time) length=6 hostapd: Value: 0 hostapd: Attribute 44 (Acct-Session-Id) length=18 hostapd: Value: '9B5961E7235AAEC6' Fixes: 3bd6c8c728e (hostapd: add additional radius options) Signed-off-by: John Crispin <john@phrozen.org>
* hostapd: add eap_server supportJohn Crispin2021-06-021-4/+21
| | | | | | | This makes it possible to avoid using a RADIUS server for WPA enterprise authentication Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add default values for r0kh/r1khFelix Fietkau2021-06-021-0/+7
| | | | | | | This allows WPA enterprise roaming in the same mobility domain without any manual key configuration (aside from radius credentials) Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for specifying the maxassoc parameter as a device optionFelix Fietkau2021-06-022-1/+85
| | | | | | | It allows enforcing a limit on associated stations to be enforced for the full device, e.g. in order to deal with hardware/driver limitations Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for configuring proxy ARPFelix Fietkau2021-06-021-2/+6
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add configurable rssi thresholds for rejecting assoc/probe requestsFelix Fietkau2021-06-021-1/+5
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for configuring the beacon rateFelix Fietkau2021-06-021-1/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to version 2021-05-22Adrian Schmutzler2021-05-291-4/+4
| | | | | | | | | | | This update only adds one commit: b102f19bcc53 tests: Opportunistic Wireless Encryption - SA Query The main reason for the bump is to have a newer PKG_SOURCE_DATE, so we can reset PKG_RELEASE to 1 (this has not been done for the most recent bump), and replace it with AUTORELEASE. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* hostapd: support verbose build using V=scFelix Fietkau2021-05-271-0/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: ACS: fix channel 100 frequencyDavid Bauer2021-05-262-1/+31
| | | | | | | | | | | Channel 100 is a valid channel to choose for 80MHz operation. However, it's assigned to 5500 MHz, not 5550MHz. In fact, there is no channel assigned to this frequency. Fix this obbvious typo to allow ACS to select channel 100 for 80 MHz operation again. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: fix adding back stations after a missed deauth/disassocFelix Fietkau2021-05-263-11/+37
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to version 2021-05-21Felix Fietkau2021-05-2653-2295/+238
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for configuring rts thresholdFelix Fietkau2021-05-261-1/+4
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix max_oper_chwidth setting for HEFelix Fietkau2021-05-261-3/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add additional radius optionsJohn Crispin2021-05-261-2/+17
| | | | | | | | | - add functionality to configure RADIUS NAS-Id and Operator-Name - add functionality to configure RADIUS accounting interval - enable RADIUS "Chargeable User Identity" Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add extra options for hotspot 2.0 / interworkingFelix Fietkau2021-05-261-4/+25
| | | | | Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: report radar detected events via ubusFelix Fietkau2021-05-263-0/+38
| | | | | | Events are reported on all BSS interfaces Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: improve channel switch supportFelix Fietkau2021-05-261-3/+9
| | | | | | | | Instead of requiring the user to call it on each BSS individually, run it on all BSSs internally. Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add missing inline stubs for ubus vlan event supportFelix Fietkau2021-05-261-0/+8
| | | | | | Only used when building without ubus support Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix civic location optionJohn Crispin2021-05-261-1/+1
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* hostapd: wolfssl: add RNG to EC keyDavid Bauer2021-05-212-1/+49
| | | | | | | | | | Since upstream commit 6467de5a8840 ("Randomize z ordinates in scalar mult when timing resistant") WolfSSL requires a RNG for the EC key when built hardened which is the default. Set the RNG for the EC key to fix connections for OWE clients. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: add patch for disabling automatic bridging of vlan interfacesFelix Fietkau2021-05-182-3/+40
| | | | | | | netifd is responsible for handling that, except if the vlan bridge was provided by the config Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add ubus notifications for adding/removing vlan interfacesFelix Fietkau2021-05-184-1/+78
| | | | | | | This can be used to handle network configuration of dynamically created vlan interfaces in a more flexible way Signed-off-by: Felix Fietkau <nbd@nbd.name>
* umdns: bump to git HEADStijn Tintel2021-05-161-3/+3
| | | | | | 777a0b service: fix compilation with GCC 10 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* build: introduce $(MKHASH)Leonardo Mörlein2021-05-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this commit, it was assumed that mkhash is in the PATH. While this was fine for the normal build workflow, this led to some issues if make TOPDIR="$(pwd)" -C "$pkgdir" compile was called manually. In most of the cases, I just saw warnings like this: make: Entering directory '/home/.../package/gluon-status-page' bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found bash: line 1: mkhash: command not found [...] While these were only warnings and the package still compiled sucessfully, I also observed that some package even fail to build because of this. After applying this commit, the variable $(MKHASH) is introduced. This variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the correct path. Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
* dnsmasq: Update to version 2.85Alan Swanson2021-05-054-92/+6
| | | | | | | | | | | | | | | | | | | | | Fixes issue with merged DNS requests in 2.83/2.84 not being retried on the firsts failed request causing lookup failures. Also fixes the following security problem in dnsmasq: * CVE-2021-3448: If specifiying the source address or interface to be used when contacting upstream name servers such as: server=8.8.8.8@1.2.3.4, server=8.8.8.8@1.2.3.4#66 and server=8.8.8.8@eth0 then all would use the same socket bound to the explicitly configured port. Now only server=8.8.8.8@1.2.3.4#66 will use the explicitly configured port and the others random source ports. Remove upstreamed patches and update remaining patch. Signed-off-by: Alan Swanson <reiver@improbability.net> [refreshed old runtime support patch] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: add ignore hosts dir to dnsmasq init scriptJoão Henriques2021-04-241-1/+6
| | | | | | | | When running multiple instances of dnsmasq, for example one being for the lan and another for a guest network, it might not be desirable to have the same dns names configured in both networks Signed-off-by: João Henriques <joaoh88@gmail.com>
* umdns: add missing syscalls to seccomp filterDaniel Golle2021-04-101-27/+30
| | | | | | | | | | | | | | | Looks like 'openat', 'pipe2' and 'ppoll' are now needed, possibly due to changes on libraries used by umdns now using slightly different calls. Found using /etc/init.d/umdns trace now use umdns, ie. cover all ubus call etc., then /etc/init.d/umdns stop find list of syscalls traced in /tmp/umdns.*.json Fixes: FS#3355 ("UMDNS: does not start on master with seccomp") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* lldpd: further size reductionsStijn Tintel2021-04-051-2/+2
| | | | | | | | | | | Size difference on mips_4kec: Before: 120196 After: 120006 Closes https://github.com/openwrt/openwrt/pull/3823 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Suggested-by: Lucian Cristian <lucian.cristian@gmail.com>
* lldpd: enable LTOStijn Tintel2021-04-051-1/+4
| | | | | | | | | Size difference on mips_4kec: W/o LTO: 139674 W/ LTO: 120196 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Suggested-by: Lucian Cristian <lucian.cristian@gmail.com>
* lldpd: bump to 1.0.9Stijn Tintel2021-04-052-64/+3
| | | | | | Contains fixes related to CVE-2020-27827. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* lldpd: add libcap dependencyStijn Tintel2021-04-052-19/+2
| | | | | | | | | Now that libcap is in OpenWrt base, we can drop our custom patch to disable libcap support and have lldpd depend on it instead. This will allow the monitor process to drop its privileges instead of running as root, improving security. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: enable airtime policy for the -basic variantsRui Salvaterra2021-04-031-1/+1
| | | | | | | | | | | | | | Airtime policy configuration is extremely useful in multiple BSS scenarios. Since nowadays most people configure both private and guest networks (at least), it makes sense to enable it by default, except for the most limited of the variants. Size of the hostapd-basic-openssl binary (mipsel 24Kc -O2): 543944 bytes (airtime policy disabled) 548040 bytes (airtime policy enabled) Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> Acked-by: Daniel Golle <daniel@makrotopia.org>
* igmpproxy: remove packageJan Pavlinec2021-03-213-221/+0
| | | | | | | | | Moved to packages repo because it was considered non-essential for most router configurations. Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz> [shorten commit title] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* uhttpd: update to git HEADHauke Mehrtens2021-03-211-4/+4
| | | | | | 15346de client: Always close connection with request body in case of error Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uhttpd: Execute uci commit and reload_config onceHauke Mehrtens2021-03-211-4/+6
| | | | | | | | Instead of doing uci commit and reload_config for each setting do it only once when one of these options was changed. This should make it a little faster when both conditions are taken. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uhttpd: Reload config after uhttpd-mod-ubus was addedHauke Mehrtens2021-03-212-1/+3
| | | | | | | | | | | | Without this change the config is only committed, but the uhttpd daemon is not reloaded. This reload is needed to apply the config. Without the reload of uhttpd, the ubus server is not available over http and returns a Error 404. This caused problems when installing luci on the snapshots and accessing it without reloading uhttpd. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* umdns: add syscalls needed on Aarch64Daniel Golle2021-03-191-0/+1
| | | | | | | Now that ujail supports seccomp also on Aarch64, add missing syscall 'fstat' to the list of allowed syscalls. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ppp: compile fix: unset FILTER variable in MakefileEike Ritter2021-03-191-0/+12
| | | | | | | | | | | | | | | | If the environment variable FILTER is set before compilation, compilation of the ppp-package will fail with the error message Package ppp is missing dependencies for the following libraries: libpcap.so.1 The reason is that the OpenWrt-patch for the Makefile only comments out the line FILTER=y. Hence the pcap-library will be dynamically linked if the environment variable FILTER is set elsewhere, which causes compilation to fail. The fix consists on explicitly unsetting the variable FILTER instead. Signed-off-by: Eike Ritter <git@rittere.co.uk>
* hostapd: P2P: Fix a corner case in peer addition based on PD RequestStefan Lippers-Hollmann2021-03-011-0/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | p2p_add_device() may remove the oldest entry if there is no room in the peer table for a new peer. This would result in any pointer to that removed entry becoming stale. A corner case with an invalid PD Request frame could result in such a case ending up using (read+write) freed memory. This could only by triggered when the peer table has reached its maximum size and the PD Request frame is received from the P2P Device Address of the oldest remaining entry and the frame has incorrect P2P Device Address in the payload. Fix this by fetching the dev pointer again after having called p2p_add_device() so that the stale pointer cannot be used. This fixes the following security vulnerabilities/bugs: - CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request") Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
* igmpproxy: update to version 0.3Jan Pavlinec2021-03-011-11/+3
| | | | | | | | | Changes: - Remove custom Build/Compile because it's no longer needed - Remove std=gnu99 which is added automaticaly by igmpproxy if needed - Remove -Dlog from CFLAGS because igmpproxy doesn't have log function Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* kernel: migrate wireguard into the kernel treeIlya Lipnitskiy2021-02-261-88/+0
| | | | | | | | | | On Linux 5.4, build WireGuard from backports. Linux 5.10 contains wireguard in-tree. Add in-kernel crypto libraries required by WireGuard along with arch-specific optimizations. Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
* ppp: Update to version 2.4.9Hauke Mehrtens2021-02-2431-891/+226
| | | | | | | | | | | | | | | | | | | | | | | | Upstream integrated multiple patches from Distributions and did other changes: * rp-pppoe.so was renamed to pppoe.so * Converted to ANSI C The following patches were applied upstream: * 100-debian_ip-ip_option.patch * 101-debian_close_dev_ppp.patch * 103-debian_fix_link_pidfile.patch * 106-debian_stripMSdomain.patch * 107-debian_pppoatm_wildcard.patch * 110-debian_defaultroute.patch * 202-no_strip.patch Compilation with musl libc was fixed upstream so 140-pppoe_compile_fix.patch is not needed any more Parts of the 203-opt_flags.patch patch were applied in a different way upstream. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wireguard: don't build on Linux 5.10Ilya Lipnitskiy2021-02-231-2/+2
| | | | | | | | | | | | There are efforts underway to bring wireguard in-tree for Linux 5.4 and to have a common build infrastructure for both 5.4 and 5.10 for kmod-wireguard[0]. Until then, restrict kmod-wireguard to build only on Linux 5.4, because the wireguard-compat package will not build on Linux 5.10. [0]: https://github.com/openwrt/openwrt/pull/3885 Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
* hostapd: backport ignoring 4addr mode enabling errorRaphaël Mélotte2021-02-203-38/+79
| | | | | | | | | | | | | | | | | | | | This is a backport of the upstream commit 58bbbb598144 ("nl80211: Ignore 4addr mode enabling error if it was already enabled") which fixes same issue as in the current fix contained in '130-wpa_supplicant-multi_ap_roam.patch', but in a different way: nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on an interface that is in a bridge and has 4addr mode already enabled. This operation would not have been necessary in the first place and this failure results in disconnecting, e.g., when roaming from one backhaul BSS to another BSS with Multi AP. Avoid this issue by ignoring the nl80211 command failure in the case where 4addr mode is being enabled while it has already been enabled. Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be> [bump PKG_RELEASE, more verbose commit description] Signed-off-by: Petr Štetiar <ynezz@true.cz>